The Federal Trade Commission Commissioner considering restrictions on companies using data for tracking and profiling
Federal Trade Commissioner Rebecca Kelly Slaughter spoke at the National Advertising Division’s annual conference, a unit of the BBB National Programs. She spoke of a potential “minimization framework” aiming to disable surveillance advertising. She also identified growing issues with businesses that focus on data monetization and “indiscriminate” data collection practices (i.e., data collection that could potentially result in civil rights violations, misinformation, and competitive harms).
Germany’s Data Protection Authority (DPA) provides updated guidance on international data transfers
Germany’s DPA updated their international data transfer FAQs in the context of the updated Standard Contractual Clauses (SCCs). Covers legal concepts and describes responsibilities of the parties involved in the data transfer like ‘What is a controller?’; ‘Can I be a controller and processor at the same time?’ and ‘How do jointly responsible determine who has which duties? Do you need a contract?’ and more.
Sources: IAPP, Datenschutz
Brazil’s DPA issues an information security guide for smaller data processors for LGPD compliance
Information security guide lists suggested administrative and technical measures for LGPD compliance. The DPA also published a checklist outlining how to adopt suggested measures. Brazil’s DPA aims to provide tools and document templates to help organizations understand how to protect personal data in accordance with the law.
The latest luxury trend? Marketing using Zero Party data
Marketing for luxury brands is trending away from first and third-party cookies. Instead, luxury brands are moving towards using “zero-party” data (i.e., data that a consumer willingly provides through a relationship with the company).
Sources: IAPP, Digiday, Vogue Business
State Legislation
Massachusetts Legislature will hold a hearing on October 13 to consider at least seven data privacy-related bills, including Bill S.46–the proposed Massachusetts Information Privacy Act.
Sources: IAPP, MA legislature
California: Gov. Newsom approves Assembly Bill 694 amending the CCPA / CPRA, including clarifying timing for CPRA rule-making (as we saw last week – the California Privacy Protection Agency kicked off preliminary information gathering for that rule-making effort).
Federal Legislation
Legislators reintroduce KIDS (Kids Internet Design and Safety Act) Act – which, among other things, would ban “auto-play” settings and follower counts.
Catalyst for action: This week, during the hearing with Facebook whistleblower Frances Haugen, lawmakers explicitly called for action to create federal privacy legislation.
International Legislation
India: India’s proposed privacy law, the Personal Data Protection Bill’s proposed amendments are backed up for consideration on October 20 when the Joint Parliamentary committee reconvenes.
Sources: IAPP, The Indian Express
South Korea: South Korea’s Personal Information Protection Commission issued guidance that includes plans to launch an agency for managing pseudonymization agency, data security measures recommended for organizations, encryption practices, and more.
Privacy Tech
Gretel AI: Synthetic data tech startup raises $50M in Series B funding
- Platform for engineers to create anonymized and synthetic data based on actual data sets.
- Potentially could eliminate risks around data breaches exposing personal information
Sources: IAPP, Tech Crunch
Duality Technologies: Privacy-enhancing data platform raises $30M in Series B funding round
- Enables collaboration on sensitive data without compromising on data privacy and business confidentiality
- Protects data through homomorphic encryption
Sources: IAPP, VentureBeat
Further reading from this week:
- NIST releases 2020 Cybersecurity and Privacy Program Annual Report (IAPP, NIST)
- FTC alum Ashkan Soltani selected to lead CPPA (IAPP)
- Stakeholders: Soltani-led CPPA primed to address adtech (IAPP, Digiday)
- Google turning on 2FA in 150M devices by end of 2021 (IAPP, NYT, the Verge)
- Personal data of 1.5B Facebook users scraped, for sale, and more data breach news (IAPP, TechRepublic, ZDNet, InfoSecurity Magazine)
- 10 recommendations for regulating non-identifiable data (IAPP)
- As data breaches near ’all-time high,’ Senate committee talks regulation (IAPP)
- CIPL releases recommendations on e-Privacy Regulation (IAPP, CIPL)
- The U.S. District Court for the Northern District of Illinois granted preliminary approval of ByteDance’s $92 million settlement with U.S. TikTok users (IAPP, Bloomberg Law)
- New study shows online privacy protection increasingly matters to consumers (IAPP, Tech Republic)
- EU: MEP talks Digital Service Act enforcements, limiting targeted ads (IAPP, Reuters)
